lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250103101231.1508151-2-b-padhi@ti.com>
Date: Fri, 3 Jan 2025 15:42:12 +0530
From: Beleswar Padhi <b-padhi@...com>
To: <andersson@...nel.org>, <mathieu.poirier@...aro.org>
CC: <afd@...com>, <hnagalla@...com>, <u-kumar1@...com>,
        <p.zabel@...gutronix.de>, <jan.kiszka@...mens.com>,
        <christophe.jaillet@...adoo.fr>, <jkangas@...hat.com>,
        <eballetbo@...hat.com>, <b-padhi@...com>,
        <linux-remoteproc@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH v8 01/20] remoteproc: k3-m4: Prevent Mailbox level IPC with detached core

Inter-Processor Communication is facilitated through mailbox payloads,
which typically contains the index of the triggered virtqueue having the
actual data to be consumed, but the payload can also be used for trivial
communication, like sending an echo message or notifying a crash etc.
When the core is detached, the virtqueues are freed, and thus the Virtio
level IPC is not functional. However, Mailbox IPC is still possible with
trivial payloads.

Therefore, introduce checks in k3_m4_rproc_kick() and
k3_m4_rproc_mbox_callback() functions to return early without parsing
the payload when core is detached, and is not undergoing an attach
operation in IPC-only mode.

Signed-off-by: Beleswar Padhi <b-padhi@...com>
---
 drivers/remoteproc/ti_k3_m4_remoteproc.c | 41 ++++++++++++++++++++----
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/drivers/remoteproc/ti_k3_m4_remoteproc.c b/drivers/remoteproc/ti_k3_m4_remoteproc.c
index a16fb165fced..3201c3684a86 100644
--- a/drivers/remoteproc/ti_k3_m4_remoteproc.c
+++ b/drivers/remoteproc/ti_k3_m4_remoteproc.c
@@ -50,6 +50,7 @@ struct k3_m4_rproc_mem_data {
 /**
  * struct k3_m4_rproc - k3 remote processor driver structure
  * @dev: cached device pointer
+ * @rproc: remoteproc device handle
  * @mem: internal memory regions data
  * @num_mems: number of internal memory regions
  * @rmem: reserved memory regions data
@@ -60,9 +61,11 @@ struct k3_m4_rproc_mem_data {
  * @ti_sci_id: TI-SCI device identifier
  * @mbox: mailbox channel handle
  * @client: mailbox client to request the mailbox channel
+ * @is_attach_ongoing: flag to indicate if IPC-only "attach()" is in progress
  */
 struct k3_m4_rproc {
 	struct device *dev;
+	struct rproc *rproc;
 	struct k3_m4_rproc_mem *mem;
 	int num_mems;
 	struct k3_m4_rproc_mem *rmem;
@@ -73,6 +76,7 @@ struct k3_m4_rproc {
 	u32 ti_sci_id;
 	struct mbox_chan *mbox;
 	struct mbox_client client;
+	bool is_attach_ongoing;
 };
 
 /**
@@ -93,8 +97,16 @@ static void k3_m4_rproc_mbox_callback(struct mbox_client *client, void *data)
 {
 	struct device *dev = client->dev;
 	struct rproc *rproc = dev_get_drvdata(dev);
+	struct k3_m4_rproc *kproc = rproc->priv;
 	u32 msg = (u32)(uintptr_t)(data);
 
+	/*
+	 * Do not forward messages from a detached core, except when the core
+	 * is in the process of being attached in IPC-only mode.
+	 */
+	if (!kproc->is_attach_ongoing && kproc->rproc->state == RPROC_DETACHED)
+		return;
+
 	dev_dbg(dev, "mbox msg: 0x%x\n", msg);
 
 	switch (msg) {
@@ -135,6 +147,12 @@ static void k3_m4_rproc_kick(struct rproc *rproc, int vqid)
 	u32 msg = (u32)vqid;
 	int ret;
 
+	/*
+	 * Do not forward messages to a detached core, except when the core
+	 * is in the process of being attached in IPC-only mode.
+	 */
+	if (!kproc->is_attach_ongoing && kproc->rproc->state == RPROC_DETACHED)
+		return;
 	/*
 	 * Send the index of the triggered virtqueue in the mailbox payload.
 	 * NOTE: msg is cast to uintptr_t to prevent compiler warnings when
@@ -515,15 +533,19 @@ static int k3_m4_rproc_stop(struct rproc *rproc)
 /*
  * Attach to a running M4 remote processor (IPC-only mode)
  *
- * The remote processor is already booted, so there is no need to issue any
- * TI-SCI commands to boot the M4 core. This callback is used only in IPC-only
- * mode.
+ * This rproc attach callback only needs to set the "is_attach_ongoing" flag to
+ * notify k3_m4_rproc_{kick/mbox_callback} functions that the core is in the
+ * process of getting attached in IPC-only mode. The remote processor is already
+ * booted, so there is no need to issue any TI-SCI commands to boot the M4 core.
+ * This callback is used only in IPC-only mode.
  */
 static int k3_m4_rproc_attach(struct rproc *rproc)
 {
 	struct k3_m4_rproc *kproc = rproc->priv;
 	int ret;
 
+	kproc->is_attach_ongoing = true;
+
 	ret = k3_m4_rproc_ping_mbox(kproc);
 	if (ret)
 		return ret;
@@ -534,12 +556,18 @@ static int k3_m4_rproc_attach(struct rproc *rproc)
 /*
  * Detach from a running M4 remote processor (IPC-only mode)
  *
- * This rproc detach callback performs the opposite operation to attach
- * callback, the M4 core is not stopped and will be left to continue to
- * run its booted firmware. This callback is invoked only in IPC-only mode.
+ * This rproc detach callback performs the opposite operation to attach callback
+ * and only needs to clear the "is_attach_ongoing" flag to ensure no mailbox
+ * messages are sent to or received from a detached core. The M4 core is not
+ * stopped and will be left to continue to run its booted firmware. This
+ * callback is invoked only in IPC-only mode.
  */
 static int k3_m4_rproc_detach(struct rproc *rproc)
 {
+	struct k3_m4_rproc *kproc = rproc->priv;
+
+	kproc->is_attach_ongoing = false;
+
 	return 0;
 }
 
@@ -577,6 +605,7 @@ static int k3_m4_rproc_probe(struct platform_device *pdev)
 	rproc->has_iommu = false;
 	rproc->recovery_disabled = true;
 	kproc = rproc->priv;
+	kproc->rproc = rproc;
 	kproc->dev = dev;
 	platform_set_drvdata(pdev, rproc);
 
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ